Cybercriminals are currently mass-mailing millions of emails impersonating Microsoft Corporation in an attempt to trick users into clicking on a link in a bogus "License Order" confirmation email. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

Sample screenshot of the spamvertised email:

Sample compromised URL used in the campaign: hxxp://kalender.mn-welt.de/page2.htm

Once executed, the sample creates the following file on the affected host: %AppData%\KB00121600.exe – MD5: D5211A7882C3C3E66F4A7DB04C2A0280 – detected by 37 out of 44 antivirus scanners as Trojan.Win32.Bublik.obv
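
An added example, not part of the original post: a Python sweep a responder could run over a user's %AppData% directory to look for the dropped file by the file name and MD5 given above. The function and parameter names are assumptions of this example, and it checks only files sitting directly in that directory, since that is where the post reports the drop.

```python
import hashlib
import os
from pathlib import Path

# Indicators taken from the post above.
IOC_NAME = "KB00121600.exe"
IOC_MD5 = "d5211a7882c3c3e66f4a7db04c2a0280"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep_appdata(appdata_dir, ioc_name=IOC_NAME, ioc_md5=IOC_MD5):
    """Check files directly under appdata_dir (no recursion).

    Returns (path, reason) tuples; reason is 'hash', 'name' or 'hash+name'.
    A hash hit catches renamed copies; a name-only hit flags a file that
    reuses the reported name but has different content.
    """
    hits = []
    for entry in sorted(Path(appdata_dir).iterdir()):
        if not entry.is_file():
            continue
        name_match = entry.name.lower() == ioc_name.lower()
        try:
            hash_match = md5_of(entry) == ioc_md5.lower()
        except OSError:
            hash_match = False  # locked or unreadable: fall back to the name check
        if hash_match or name_match:
            checks = (("hash", hash_match), ("name", name_match))
            hits.append((str(entry), "+".join(r for r, ok in checks if ok)))
    return hits


if __name__ == "__main__":
    # %AppData% resolves per user; on a multi-user host, run this once per profile.
    target = os.environ.get("APPDATA")
    if target:
        for path, reason in sweep_appdata(target):
            print(f"IOC match ({reason}): {path}")
```

A name-only hit still deserves a look, because a file with the reported name but a different hash may be a repacked build of the same sample.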